The latest version of Kubernetes no longer supports Docker as a container runtime. That is why many Kubernetes administrators have migrated their cluster's container runtime from Docker to another container runtime such as containerd or CRI-O, or will do so soon.

References

  • https://gist.github.com/mamiu/4944e10305bc1c3af84946b33237b0e9

Old: entering a Container as root with Docker

Most containers that run on Kubernetes clusters do not run as root. But what if you want to test a container by installing and trying out some software manually before you create a new container image? With Docker that was easy. Just enter the container as root (id=0) and do whatever you want inside it:

docker exec -it -u 0 <container-id> bash

Now that the containers are no longer Docker containers, this is not possible anymore.

New: entering a Container as root with runc

However, you can use runc to enter the container as root. Say you want to open a shell as the root user in the container running in my-pod in my-namespace. First, you need to determine the container ID. With that information you can enter the container using runc as follows:

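# INPUT
POD=my-pod
NAMESPACE=my-namespace

# CALCULATE
# Container ID from the pod status, with the runtime prefix (e.g. containerd://) stripped
CONTAINER=$(kubectl -n "$NAMESPACE" get pod "$POD" -o jsonpath="{.status.containerStatuses[].containerID}" | sed 's/.*\/\///')

# RUN SHELL AS ROOT
# Run this on the node that hosts the pod; --root points at containerd's runc state directory for the k8s.io namespace
sudo runc --root /run/containerd/runc/k8s.io/ exec -t -u 0 "$CONTAINER" sh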

That’s it! You do not even need to install runc, since runc is part of the installation package if you have installed containerd (and I guess, also with CRI-O…).
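
A more defensive variant of the steps above, as an added example that is not part of the original post: it selects the container by name, so it also works for multi-container pods, and checks that kubectl returned exactly one containerd ID before anything is passed to sudo runc. The function names are hypothetical, and it assumes containerd with the same --root path as above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Run it on the node hosting the pod.

# Kubernetes container names are DNS labels; reject anything else so the name
# cannot break out of the jsonpath filter expression built in root_shell.
valid_container_name() {
    local LC_ALL=C
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Print the bare container ID if $1 is exactly one containerd ID, else fail.
containerd_id() {
    local LC_ALL=C raw="$1" id
    case "$raw" in
        '')             echo "no containerID: container not started?" >&2; return 1 ;;
        *' '*)          echo "several IDs returned, expected one" >&2; return 1 ;;
        containerd://*) id=${raw#containerd://} ;;
        *)              echo "not a containerd container: $raw" >&2; return 1 ;;
    esac
    # CRI container IDs reported by containerd are 64 lowercase hex characters
    case "$id" in
        *[!0-9a-f]*) echo "unexpected characters in container ID" >&2; return 1 ;;
    esac
    [ "${#id}" -eq 64 ] || { echo "unexpected container ID length" >&2; return 1; }
    printf '%s\n' "$id"
}

# usage: root_shell NAMESPACE POD CONTAINER_NAME
root_shell() {
    local ns="$1" pod="$2" name="$3" raw id
    valid_container_name "$name" || { echo "invalid container name" >&2; return 1; }
    raw=$(kubectl -n "$ns" get pod "$pod" \
        -o jsonpath="{.status.containerStatuses[?(@.name==\"$name\")].containerID}") || return 1
    id=$(containerd_id "$raw") || return 1
    sudo runc --root /run/containerd/runc/k8s.io/ exec -t -u 0 "$id" sh
}
```

Source the file on the node and call, for example, `root_shell my-namespace my-pod my-container`.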

P.S.: If you still need to migrate your Kubernetes cluster from the Docker container runtime to the containerd runtime, you might be interested in this blog post:

Migrate Kubernetes Runtime from Docker to containerd
